Joomla! Component MySMS – Arbitrary File Upload

  • 作者: Sid3^effects
    日期: 2010-07-10
  • 类别:
    平台:
  • 来源:https://www.exploit-db.com/exploits/14315/
  • 1 ########################################## 1
0 I'm Sid3^effects member from Inj3ct0r Team 1
1 ########################################## 0
0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1

Name :Joomla com_mysms Upload Vulnerability
Date : july 10,2010
Critical Level 	: HIGH
vendor URL :http://www.willcodejoomlaforfood.de/
Author : Sid3^effects aKa HaRi 
special thanks to : r0073r (inj3ct0r.com),L0rd CruSad3r,MaYur,MA1201,KeDar,Sonic,gunslinger_
greetz to :www.topsecure.net ,All ICW members and my friends :) luv y0 guyz 
#######################################################################################################
Description 
MySMS is standing for "Simple sms component" for Joomla. The MySMS component is now available for Joomla 1.0.x ( com_mysms-0.9.4.zip ) and for Joomla 1.5.x series ( use com_mysms-1.5.10.zip ).

This component supports following sms gateway provider today: w2sms, teleword, smskaufen, smscreator, sms77, sms4credits, mobilant, mesmo, clickatell, aspsms, nohnoh, mexado, innosend, suresms,compaya and hardwired, mobilenl, sloono, smsat and wannfind, agiletelecom, smsviainternet, infobip, at&t, smscom, coolsms, smsglobal, aruhat, massenversand, smstrade.
#######################################################################################################
Xploit: Upload Vulnerability

Step 1: Register first :D 

Step 2: Goto your profile "Mysms" option

Step 3: The attacker can upload shell in the "Import phonebook" option and it doesnt validate any file format so upload your shell 
DEMOU URL :http://server/?option=com_mysms&Itemid=0&task=phonebook

Step 4: your shell is uploaded and now you do ur job ;)

#######################################################################################################
# 0day no more 
# Sid3^effects